Wawa faces fresh fallout from security breach

Wawa faces fresh fallout from security breach

Criminals may be trying to sell hacked payment card data from Wawa customers.

The convenience store retailer has received reports of illegal attempts to sell some customer payment card information potentially involved in a data breach it announced on Dec. 19, 2019. At that time, Wawa said it was notifying potentially impacted individuals about a data security incident that affected customer payment card information used at its stores between March 4 and Dec. 12, 2019.

In response to these reports, Wawa has alerted its payment card processor, payment card brands and card issuers to heighten fraud monitoring activities. Wawa said it continues to work closely with federal law enforcement in their ongoing investigation, and encourages customers to review charges on their payment card statements and promptly report any unauthorized use.

The retailer also said it will work to reimburse any customer who promptly notifies their card issuer of fraudulent charges related to the breach but does not get reimbursed. Customers who may have been affected can sign up for free credit monitoring and identity theft protection services.

Media reports indicate that at least six lawsuits have been filed in the wake of the breach. The suits allege that Wawa failed to adequately secure its computer systems against hackers. It is unclear if this latest revelation will affect existing suits or lead to new ones being filed.

Wawa continues to say that its investigation indicates the malware it discovered on Dec. 10 has been contained since Dec. 12, and that any exposed data was limited to payment card information including debit and credit card numbers, expiration dates and cardholder names, but not PIN numbers or CVV2 security numbers. The incident did not impact ATM transactions.

“At Wawa, nothing is more important than honoring and protecting our customers' trust,” the retailer said in a press release. “Wawa continues to take steps to enhance the security of our systems.”